only in patch2:
unchanged:
--- a/core/modules/user/src/Tests/UserPasswordResetTest.php
+++ b/core/modules/user/src/Tests/UserPasswordResetTest.php
@@ -38,21 +38,16 @@ protected function setUp() {
     $this->drupalPlaceBlock('system_menu_block:account');
 
     // Create a user.
-    $account = $this->drupalCreateUser();
+    $this->account = $this->drupalCreateUser();
 
     // Activate user by logging in.
-    $this->drupalLogin($account);
-
-    $this->account = user_load($account->id());
+    $this->drupalLogin($this->account);
     $this->drupalLogout();
 
     // Set the last login time that is used to generate the one-time link so
     // that it is definitely over a second ago.
-    $account->login = REQUEST_TIME - mt_rand(10, 100000);
-    db_update('users_field_data')
-      ->fields(array('login' => $account->getLastLoginTime()))
-      ->condition('uid', $account->id())
-      ->execute();
+    $this->account->setLastLoginTime(REQUEST_TIME - mt_rand(10, 100000));
+    $this->account->save();
   }
 
   /**
@@ -72,7 +67,7 @@ function testUserPasswordReset() {
     $edit['name'] = $this->account->getUsername();
     $this->drupalPostForm(NULL, $edit, t('Email new password'));
 
-     // Verify that the user was sent an email.
+    // Verify that the user was sent an email.
     $this->assertMail('to', $this->account->getEmail(), 'Password email sent to user.');
     $subject = t('Replacement login information for @username at @site', array('@username' => $this->account->getUsername(), '@site' => \Drupal::config('system.site')->get('name')));
     $this->assertMail('subject', $subject, 'Password reset email subject is correct.');
@@ -140,6 +135,34 @@ public function getResetURL() {
     return $urls[0];
   }
 
+
+  /**
+   * Test user password reset while logged in.
+   */
+  public function testUserPasswordResetLoggedIn() {
+    // Log in.
+    $this->drupalLogin($this->account);
+
+    // Reset the password by username via the password reset page.
+    $this->drupalGet('user/password');
+    $this->drupalPostForm(NULL, NULL, t('Email new password'));
+
+    // Click the reset URL while logged and change our password.
+    $resetURL = $this->getResetURL();
+    $this->drupalGet($resetURL);
+    $this->clickLink(t('Change your password.'));
+
+    // Make sure we do not need to enter the current password if we go to the
+    // "reset password" link while logged in.
+    $this->assertNoRaw(t('Current password'));
+
+    // Change the password.
+    $password = user_password();
+    $edit = array('pass[pass1]' => $password, 'pass[pass2]' => $password);
+    $this->drupalPostForm(NULL, $edit, t('Save'));
+    $this->assertText(t('The changes have been saved.'), 'Password changed.');
+  }
+
   /**
    * Prefill the text box on incorrect login via link to password reset page.
    */